First, what we know: Twitter, Facebook and now Apple have all made announcements in the last week about security breaches at their organizations that involved staff computers being infected with malware. Twitter was the first company to go public with the information on February 2nd. But the company said at the time that other firms were likely to have been breached as well.

At the time, Facebook said that its analysis of the attack turned up evidence of other compromised companies, and that it had notified them of the finding and also notified law enforcement. The announcement, Tuesday, from Apple gives us information on at least one of those other victims.

Apple admitted that its employees were ensnared by an attack that used a mobile application development site as a “watering hole” to target developers at prominent firms.

But will there be others? The answer is almost certainly ‘yes.’ For one thing: Facebook’s CSO all but confirmed that the watering hole web site – a mobile application developer resource – was popular and that the list of compromised companies was a long one. Any mobile developer who visited that site with a browser that had Java enabled was likely attacked and had malware implanted on their system – Windows or Mac.

“It’s the type of forum that anyone who was building apps for mobile devices would visit,” Facebook’s Sullivan told AllThingsD. “It’s pretty popular for sharing tips, tricks, etc.” The question isn’t who’s been hacked, but who is sophisticated enough to discover the hack that’s already taken place, AllThingsD says.

That report also names the site involved, though notably without any attribution. As more information becomes public about the site that was compromised, the malware used and how long the compromise lasted, it’s likely that we’ll be hearing more companies disclosing compromises linked to their employees, as well.


Author: Paul

I'm an experienced writer, reporter and industry analyst with a decade of experience covering IT security, cyber security and hacking, and a fascination with the fast-emerging "Internet of Things."